[ge-talk] Security services provided by OS

Michael Phipps mphipps1 at rochester.rr.com
Sun Jan 7 14:16:42 EST 2007


Paul van Nugteren wrote:
> Are you sure? Seems a pretty obvious idea...
> 
>> Protection #2 (prevent application from destroying files) actually has a
>> very simple solution which no OS really uses, which is quite puzzling.
>> Simply restrict the application from only modifying files in its current
>> directory or lower, but never higher.  i.e. an application in
>> /boot/apps/Sandbox  can only modify files in the Sandbox directory and lower
>> (and obviously ~/config/settings/Sandbox).  If an application needs to do
>> anything outside its boundaries, pop up an alert asking for permission /
>> password.  There is also a third directory which we will allow access to,
>> and that is wherever the user open/saved a file to.  This approach allows
>> audio players to access my MP3 directory, but never /boot/beos/system.
>> Spawned applications inherit directory restrictions.
> 
> 
> Still the mp3 player needs to write to '/dev/audio'. I think the system
> should never allow it to read anything else than music files, but what
> about private voice recordings? It could read those and secretly upload.

That's a security issue, though. Or, at the very least, a sharing issue.
I would hope that no one would ever write a Haiku mp3 player that doesn't
use the media kit. Even if only to say "I need exclusive access to the
audio for a while".
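The write-restriction policy quoted in this message (own directory, settings directory, user-chosen paths, inherited by spawned applications), as an added example that is not code from the thread or from Haiku: a lexical policy checker that also handles the `..` traversal case the quoted proposal does not mention. The class, method names and the `/boot/home/config/settings/...` path are assumptions.

```python
from pathlib import PurePosixPath


class DirectorySandbox:
    """Write policy from the thread: an application may modify files only under
    its own directory, its settings directory, and paths the user explicitly
    chose in an open/save dialog. Hypothetical class; paths are assumptions."""

    def __init__(self, app_dir, settings_dir):
        self.roots = [self._normalize(app_dir), self._normalize(settings_dir)]
        self.user_granted = []  # filled by open/save dialogs

    @staticmethod
    def _normalize(path):
        """Lexically collapse '.' and '..' so '/boot/apps/Sandbox/../../beos'
        cannot escape the sandbox. Purely lexical: a real enforcement point
        must apply this to the kernel-resolved path, after symlinks."""
        p = PurePosixPath(path)
        if not p.is_absolute():
            raise ValueError("sandbox paths must be absolute: %r" % path)
        parts = []
        for part in p.parts:
            if part == "..":
                if len(parts) > 1:  # never pop the root itself
                    parts.pop()
            elif part != ".":
                parts.append(part)
        return PurePosixPath(*parts)

    @staticmethod
    def _under(target, root):
        # True for the root itself and anything inside it; a name that merely
        # shares a prefix ('/boot/apps/SandboxEvil') is not inside.
        return target == root or root in target.parents

    def grant_user_choice(self, path):
        """Record a file or directory the user picked in an open/save dialog;
        granting the MP3 directory admits everything below it."""
        self.user_granted.append(self._normalize(path))

    def may_modify(self, path):
        target = self._normalize(path)
        return any(self._under(target, r) for r in self.roots + self.user_granted)

    def spawn(self):
        """Spawned applications inherit the parent's restrictions."""
        child = DirectorySandbox.__new__(DirectorySandbox)
        child.roots, child.user_granted = list(self.roots), list(self.user_granted)
        return child
```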
